Stories
Slash Boxes
Comments

SoylentNews is people

Facebook And Twitter Profiles Silently Slurped By Shady Code

posted by Fnord666 on Wednesday November 27 2019, @10:07AM   Printer-friendly
from the stop-me-if-you've-heard-this-one dept.

Arthur T Knackerbracket has found the following story:

Twitter and Facebook on Monday claimed some third-party apps quietly collected swathes of personal information from people's accounts without permission.

The antisocial networks blamed the data slurp on what they termed a pair of "malicious" software development kits (SDKs) used by the third-party iOS and Android apps to display ads. Once a user was logged into either service using one of these applications, the embedded SDK could silently access that user's profile and covertly collect information, it is claimed.

[...] [Facebook said] "Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores," a Facebook spokesperson told The Register.

"After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts."

Spokespeople for oneAudience declined to comment. Meanwhile, MobiBurn has issued a public statement on the matter.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Facebook And Twitter Profiles Silently Slurped By Shady Code | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by darkfeline on Thursday November 28 2019, @09:22AM (1 child)

    by darkfeline (1030) on Thursday November 28 2019, @09:22AM (#925601) Homepage

    If users permit code to access their own data, the user should be liable for it.

    These assholes want the best of all possible worlds, in which they can explicitly authorize arbitrary untrusted third parties to access their data freely and not have their data abused.

    --
    Join the SDF Public Access UNIX System today!
    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by Runaway1956 on Thursday November 28 2019, @05:33PM

    by Runaway1956 (2926) Subscriber Badge on Thursday November 28 2019, @05:33PM (#925700) Journal

    explicitly authorize arbitrary untrusted third parties

    There was a day when I did not understand that the silly games and apps on social media were scarfing data. Unless you are born of a virgin, and your initials are J.C, you probably didn't understand it either. Like most people, we only began to understand that when we had our noses rubbed in it, by one means or another.

    When you install a game or app on Facebook, there is no banner headline telling you that "The creator of this stupid app will be able to access everything you do on our platform! Kiss any idea of privacy goodbye!"

    And, there needs to be such a warning. Not for you, not for me, probably not for anyone who frequents SN. It's the billions of bubbleheaded people who believe they are getting something for free who need that warning.

    As mentioned above, we were all conditioned to click through all that crap, even before FB came along.